Table of Contents generated with DocToc
This directory is a worked example of a non-ASF adopter profile. It does not represent a real project. Its purpose is to demonstrate and test acceptance criterion 3 of docs/specs/project-agnosticism.md:
A non-ASF profile can be declared without editing any skill body.
The fictional project — Velox Stream — is a community-governed stream-processing library hosted entirely on GitHub, using DCO contributor sign-off, GitHub Security Advisories for security intake, direct MITRE CVE allocation, and GitHub Releases for distribution. None of these choices require editing any skill body; each maps to a configuration flag or placeholder declared below.
This fixture sets organization: independent and inherits the organizations/independent/ baseline, where an ASF project sets organization: ASF and inherits organizations/ASF/. The two organizations carry the differences below — the skills are identical:
| Dimension | ASF default | This fixture (non-ASF) |
|---|---|---|
| Governance | PMC membership, ICLA | DCO sign-off, no formal governance body |
| CVE authority | ASF Vulnogram | MITRE direct (mitre-form) |
| Security intake | security@<project>.apache.org email | GitHub Security Advisories (GHSA) |
| Mail archive | PonyMail (lists.apache.org) | None (no mailing lists) |
| Distribution | dist.apache.org / closer.lua | GitHub Releases |
| Announcement | announce@apache.org list | GitHub Releases + Discussions |
| Project metadata | apache-projects-mcp | none (maintainer-supplied roster) |
| Committer intake | ICLA gate + ASF member vote | DCO + maintainer team decision |
project.md — core identity, repositories, security workflow configissue-tracker-config.md — GitHub Issues on the upstream repostale-sweep-config.md — stale-sweep thresholdsreviewer-roster.md — reviewer roster for reviewer-routing (GitHub handles, declared areas, load caps; no ASF-specific fields)tools/skill-evals/evals/non-asf-profile-smoke/ drives multiple skills through this profile and asserts that a non-ASF project can run the full framework without editing any skill body. Surfaces covered:
security-issue-import Step 3) — GHSA advisory, direct email, and automated-scanner inputs are classified without any ASF forwarder or mailing-list infrastructure.release-prepare Step 0) — github-releases + pr-approval mechanism passes pre-flight; missing release-train blocks.committer-onboarding Step 1) — DCO and no-CLA intake models skip ICLA/secretary-request steps.reviewer-routing Step 3) — reviewer-roster.md drives routing with no ASF PMC or Apache ID; area-match and load-aware fallback both work against the independent organization profile.issue-stale-sweep Steps 1 and 3) — GitHub Issues and non-ASF label names work without PMC roster or PonyMail.